Article Categories

Monday, December 31, 2012

Microsoft Security Advisory 2794220 has been updated to provide a Fix it solution. Applying this Fix it solution will prevent the vulnerability in the referenced Security Advisory from being used for code execution without affecting your ability to browse the Web.

Microsoft Fix it

A Microsoft Fix it solution is available now for applying to protect your computer. The update will not require a restart.

At this time, Microsoft is aware of a very small number of targeted attacks. This issue allows remote code execution if users browse to a malicious website with an affected browser. Generally, this is a result of an attacker convincing someone to click a link in an email or instant message.

Recommendations:

Microsoft is actively working to develop a security update to address the issue. In the meantime, please consider the following suggestions:

1. Update Internet Explorer -- If your operating system is Windows Vista or Windows 7, update to Internet Explorer 9. For Windows XP, your system will be more secure if you update to Internet Explorer 8.

2. Update or Uninstall Java -- Current exploits of this type of vulnerability in Internet Explorer use
third-party software, including Oracle’s Java, to help obtain reliable
exploitation.

Most home computer users no longer need Java. Following are reasons why someone may need Oracle Sun Java installed on their computer:

It used to be that Java was needed for
websites to be properly displayed. However, that is generally not the
case now with Flash having taken over.

There may be commercial programs that depend
on Java. If Java is needed for a software installed on your computer,
there should be a prompt for it.

If you need Java, be sure you have uninstalled all old, vulnerable
versions and have only the most recent release installed on your
computer. The current version of Java is Version 7 Update 10.

3. Install and configure EMET -- The Enhanced Mitigation Experience Toolkit was designed to help prevent hackers from gaining access to your system. It prevents exploitation by applying in-box mitigations to help protect against this and other issues and should not affect usability of websites.

An easy guide for EMET installation and configuration is available in KB2458544. Additional information about configuring EMET is available in the EMET User's Guide, in the following locations:

32-bit systems -- C:\Program Files\EMET\EMET User's Guide.pdf

64-bit systems -- C:\Program Files (x86)\EMET\EMET User's Guide.pdf

Additional suggestions are available in the MSRC Blog post and the Security Advisory, referenced below.

Tuesday, December 11, 2012

Adobe Flash Player was updated to address critical security vulnerabilities. These updates address a vulnerability that could
cause the application to crash and potentially allow an attacker to take
control of the affected system.

Flash Player Update Instructions

Flash Player for Windows, Macintosh and Linux

Although Adobe suggests downloading the update from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted, if you prefer, direct download links are available.

Beginning with Adobe Flash Version 11.3, the universal 32-bit
installer will include the 32-bit and 64-bit versions of the Flash
Player.

If you use the Adobe Flash Player Download Center, be careful to uncheck the optional McAfee Security Plus box. It is not needed for the Flash Player update.

Uncheck any toolbar offered with Adobe products if not wanted.

If you use alternate browsers, it is necessary to install the update for both Internet Explorer as well as the update for alternate browsers.

The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.

Adobe Flash Player for Android

The latest version for Adobe Flash Player for Android is available by downloading it from the Android Marketplace by browsing to it on a mobile phone.

Verify Installation

To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu.

Do this for each browser installed on your computer.

To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

Support

The following additional information is provided in the Security Bulletin:

The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.

Monday, December 10, 2012

No
question about it, Bill Pytylovany has done it again! Officially
released is WinPatrol 2013, version 26.0.2013, which Bill has enhanced
for Windows 8. It works with either Windows 8 or Windows 8
Professional. However, there (currently at least) is not an App for
Windows RT so it will not work on Windows RT.

Although additional
features specific to Windows 8 will be added to WinPatrol in the
future, for people using Windows 8 who want to go directly to the
desktop, you can use WinPatrol to easily make that happen. With File
Explorer (explorer.exe) as a Start up Program will cause Windows 8 to
switch to the desktop mode. To add explorer.exe (or other programs) to
Start up is easy with WinPatrol:

Adding Programs to Start up

Right-click Scotty in the system tray and click "Display Startup Info..." Accept the UAC prompt.

At the bottom of the Start up Programs tab, click the Add button

Navigate to the location of the program to be added, locate and highlight the .exe file and click Open (explorer.exe is located in the C:\Windows directory).

Thursday, December 06, 2012

Five bulletins are identified as Critical and address vulnerabilities in Microsoft Windows, Word, Windows Server and Internet Explorer. The two remaining bulletins are rated Important and will address issues in Microsoft Windows.

As happens each month, Microsoft will also release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

*In the event you have had problems in the past with .NET Framework updates, it is suggested that you install MS12-074 (KB2745030) separately, including a shutdown/restart.

Support

The following additional information is provided in the Security Bulletin:

The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.

Thursday, November 08, 2012

On Tuesday, November 13, 2012, Microsoft is planning to release six (6) bulletins.

Four bulletins are identified as Critical and address thirteen vulnerabilities in Microsoft Windows, Internet Explorer and the .NET Framework. Four vulnerabilities in
Microsoft Office will be addressed in one bulletin rated Important. The remaining bulletin rated Moderate will address two
issues in Microsoft Windows.

As I have advised in the past, if you have problems with .NET Framework updates, please install that update separately with a shutdown/restart following the update.

As happens each month, Microsoft will also release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Wednesday, November 07, 2012

Adobe Flash Player was updated to address security vulnerabilities. These updates address a vulnerability that could
cause the application to crash and potentially allow an attacker to take
control of the affected system.

Update Information

The newest version for Windows and Macintosh is 11.5.502.110. For Linux, the newest version is 11.2.202.251.

Flash Player Update Instructions

Flash Player for Windows, Macintosh and Linux

Although Adobe suggests downloading the update from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted, if you prefer, direct download links are available.

Users of Adobe AIR
3.5.0.600 for Windows and Macintosh should update to Adobe AIR 3.5.

Beginning with Adobe Flash Version 11.3, the universal 32-bit
installer will include the 32-bit and 64-bit versions of the Flash
Player.

If you use the Adobe Flash Player Download Center, be careful to uncheck the optional McAfee Security Plus box. It is not needed for the Flash Player update.

Uncheck any toolbar offered with Adobe products if not wanted.

If you use alternate browsers, it is necessary to install the update for both Internet Explorer as well as the update for alternate browsers.

The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.

Adobe Flash Player for Android

The latest version for Adobe Flash Player for Android is available by downloading it from the Android Marketplace by browsing to it on a mobile phone.

Verify Installation

To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu.

Do this for each browser installed on your computer.

To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

Saturday, November 03, 2012

Yes, you read the title correctly. Kaspersky released their 2012 third quarter report of the top ten vulnerabilities and no Microsoft product is on the list. The data in the report is based on vulnerable
programs and files detected on the computers of KSN users. There was an
average of eight different vulnerabilities on each affected computer.

Topping the list is Oracle Java, followed by Adobe products, particularly Adobe Flash Player. Also included in the list are two Apple products, Quick Time and iTunes. The list of vulnerabilities can be found on the Securelist, "IT Threat Evolution: Q3 2012", here.

If your computer does get infected or you need assistance determining if
it is up to date, post the requested logs for review in the Analysis and Malware Removal forum at LandzDown or in the Security Arena at Sysnative.com.

Remember - "A day without laughter is a day wasted."May the wind sing to you and the sun rise in your heart...

Thursday, October 25, 2012

If you missed other opportunities to purchase a WinPatrol PLUS license for 99 cents, this may be your last chance. Although Bill Pytlovany is once again providing this wonderful opportunity, he expects it will be the last.

The special is available now through Friday, October 25, 2012.October 26, 2012 (thanks, Kosh!). Each 99 cent license is good for a single machine, although you can indeed order multiple
licenses. A single activation code will be created per order. The
name/code combination can be used on each machine.

NOTE: Bill told me that many people are
not waiting or clicking continue to get their PLUS code after making the
purchase. Although Bill can get it for you, there will be a delay
while he processes the e-mail and tracks down the code. So, please wait
for the code!!!

If you already have the free version of WinPatrol
installed, all you need do is launch WinPatrol and click the About/PLUS
tab. Just enter your new PLUS code and the PLUS features will
automatically be activated!!!

If you do not have WinPatrol
installed, you can download it at the time of
purchasing the PLUS code or just go to WinPatrol.com and download it.
You'll download the "free" version and then add your PLUS code after
installing it.

Its that simple!

As always with your WinPatrol PLUS license, the 99 cent license
is transferable if you get a new computer.

If you are new to WinPatrol or a long-time supporter of this great software program, we're happy to help with WinPatrol questions at LandzDown in our WinPatrol Help & Information forum.

It is strongly recommended that the update be applied as soon as possible.

Although Java is not required (See Do You Need Java?), if you do have Java installed on your computer, it is advisable to install the latest update. It is also advised that all prior (and vulnerable) versions of Java SE be uninstalled from your computer.

Download Information

Now that Java SE 7 has been officially released, it is recommended
that users of Java SE 6 upgrade to the latest version. When you upgrade
from Java SE 6 to Java SE 7, please check installed program files and
remove all versions of Java SE 6. The "end of life" date for Java SE 6
has been extended from July 2012
to February 2013, to allow additional time for businesses to transition to JDK 7.

Thursday, October 11, 2012

Due to a critical security vulnerability, Firefox 16 was pulled from the release channel shortly after its release yesterday. The vulnerability has been addressed in the release of version 16.0.1. Also addressed were two bugs resulting in crashes.

Tuesday, October 09, 2012

UPDATE: Firefox 16 was pulled from the update channel. See the Mozilla Security Blog: Security Vulnerability in Firefox 16.
Until the problems with version 16 are fixed, the previous version 15.0.1 can be downloaded from this direct link: Firefox 15.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Firefox 16 was sent to the release channel today by Mozilla. Included in the update are eleven (11) critical and three (3) high security updates.

Based on the extensive list of security updates, it is recommended that the update be applied as soon as possible.

Microsoft released seven (7) bulletins addressing 20 issues in Microsoft Windows, SQL Server, and Office including SharePoint, Lync, Microsoft Works and InfoPath. One bulletin is identified as Critical with the remaining six bulletins rated Important.

As indicated in the Advance Notice, the issues in FAST Search Server are addressed in the MS12-067, Security Advisory 2737111.

Users of Microsoft Works are advised that this product reaches the end of its support lifecycle this week.

Support

The following additional information is provided in the Security Bulletin:

The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.

Monday, October 08, 2012

Adobe Flash Player was updated to address security vulnerabilities. These updates address a vulnerability that could
cause the application to crash and potentially allow an attacker to take
control of the affected system.

Flash Player Update Instructions

Flash Player for Windows, Macintosh, Linux and Solaris

Although Adobe suggests downloading the update from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted, if you prefer, direct download links are available.

Beginning with Adobe Flash Version 11.3, the universal 32-bit
installer will include the 32-bit and 64-bit versions of the Flash
Player.

If you use the Adobe Flash Player Download Center, be careful to uncheck the optional McAfee Security Plus box. It is not needed for the Flash Player update.

Uncheck any toolbar offered with Adobe products if not wanted.

If you use alternate browsers, it is necessary to install the update for both Internet Explorer as well as the update for alternate browsers.

The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.

Adobe Flash Player for Android

The latest version for Adobe Flash Player for Android is available by downloading it from the Android Marketplace by browsing to it on a mobile phone.

Verify Installation

To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu.

Do this for each browser installed on your computer.

To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.